ElmersGlue Ransomware

Also Known As: ElmersGlue virus
Distribution: Low
Damage level: Severe

"ElmersGlue" virus removal guide

What is "ElmersGlue"?

ElmersGlue is a ransomware-type virus that stealthily infiltrates systems and encrypts files. In doing so, ElmersGlue appends the ".elmerlocked" extension to the name of each encrypted file. For example, "sample.jpg" is renamed to "sample.jpg.elmerlocked". Following successful encryption, ElmersGlue locks the computer screen and displays a ransom-demand message.

Note that ElmersGlue malware locks computer screens, whilst other ransomware-type viruses create .txt or HTML files containing ransom-demand messages. The ElmersGlue message informs victims of the encryption and states that a ransom of the equivalent of $64 in Bitcoins must be paid to restore compromised data. It is currently unknown whether ElmersGlue uses symmetric or asymmetric cryptography. In any case, decryption without a unique key is impossible. Cyber criminals store this key on a remote server and victims are encouraged to pay a ransom to receive it. Research shows, however, that paying does not guarantee that files will ever be decrypted. Cyber criminals often ignore victims once payments are submitted - there is a high probability that paying will not deliver any positive results and you might be scammed. Therefore, we strongly advise you to ignore all requests to pay or contact these people. Unfortunately, there are no tools capable of restoring files encrypted by ElmersGlue malware and the only solution is to restore your files/system from a backup.
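
The rename pattern and the restore-from-backup advice above suggest a first triage step: list every file carrying the appended extension and work out which original names need restoring. The following PowerShell script is an added example, not part of the original guide; the parameter names, default paths and CSV layout are assumptions.

```powershell
# Added example, not from the original guide. Requires PowerShell 3.0 or later.
# $Root and $OutCsv are assumed defaults; point $Root at the data you need to check.
param(
    [string]$Root   = $env:USERPROFILE,
    [string]$OutCsv = (Join-Path $env:TEMP 'elmersglue_inventory.csv')
)

# The guide shows two spellings of the appended extension, so match both.
$extensions = '.elmerlocked', '.elmerslocked'

$hits = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -and ($extensions -contains $_.Extension.ToLowerInvariant()) } |
        ForEach-Object {
            # "sample.jpg.elmerlocked" -> "sample.jpg": strip only the appended suffix.
            $original = $_.FullName.Substring(0, $_.FullName.Length - $_.Extension.Length)
            [pscustomobject]@{
                EncryptedPath  = $_.FullName
                OriginalPath   = $original
                OriginalExists = Test-Path -LiteralPath $original   # an untouched copy survived
                SizeBytes      = $_.Length
                LastWriteUtc   = $_.LastWriteTimeUtc
            }
        }
)

if ($hits.Count -eq 0) {
    Write-Output "No files with an ElmersGlue extension found under $Root"
    return
}

# Oldest first. Assuming the malware did not reset timestamps, the earliest
# write time bounds when encryption began: restore from a backup older than it.
$sorted = @($hits | Sort-Object LastWriteUtc)
$sorted | Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8

Write-Output ("Encrypted files : {0}" -f $sorted.Count)
Write-Output ("First write UTC : {0:u}" -f $sorted[0].LastWriteUtc)
Write-Output ("Last write UTC  : {0:u}" -f $sorted[-1].LastWriteUtc)
Write-Output ("Inventory CSV   : {0}" -f $OutCsv)

# Directories holding the most affected files, to prioritise what to restore first.
$sorted | Group-Object { [System.IO.Path]::GetDirectoryName($_.EncryptedPath) } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

The same earliest write time also helps when choosing a System Restore point that predates the infection.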

Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:

The Internet is full of ransomware-type viruses similar to ElmersGlue, such as EncrypTile, GlobeImposter, and BeethoveN (these are just some examples from a long list). All ransomware encrypts files and makes ransom demands. There are just two major differences: 1) the type of encryption algorithm used, and 2) the cost of decryption. Most of these viruses use cryptography that generates unique decryption keys and, thus, restoring files manually is usually impossible.

How did ransomware infect my computer?

Criminals proliferate ransomware by employing spam emails (infectious attachments), unofficial software download sources (freeware download websites, free file hosting websites, peer-to-peer networks, etc.), fake software update tools, and trojans. Spam emails often contain malicious attachments (for example, JavaScript files, MS Office documents) that, once opened, download the malware. Furthermore, unofficial software download sources often proliferate infectious executable files that are presented as legitimate software. Fake software updaters exploit outdated software bugs to infect the system.

How to protect yourself from ransomware infections?

To prevent this situation, be very cautious when browsing the Internet. Firstly, never open files received from suspicious email addresses or download software from unofficial sources. Secondly, keep your installed applications up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.

Text presented within ElmersGlue ransomware lock screen:

Elmer’s Glue Locker v2.0
Your computer has been locked with some EXTREMELY sticky Elmer’s Glue
There is only one way to remove the Elmer’s Glue is to copy your unlock ID
Send $64 in bitcoins to this bitcoin address:
14eLrvFgSjEC4DD4DafN9mpYufygbH3Hcr
Once you have paid, send an email to elmersglue@india.com and give us your unlock ID. We will check you payment and then give you the code. When the 2 hour timer hits zero, your files will be encrypted.
Got your 5 digit code? Submit it here.

Screenshot of ElmersGlue previous lock screen design:

Here's another variant of this ransomware (ElmersGlue version 3):

Another variant of this ransomware called "Gorilla Glue Locker":

Screenshot of files encrypted by ElmersGlue (".elmerslocked" extension):

"ElmersGlue" virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, and in the search results select Settings. Click on Advanced Startup options, and in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on the "Advanced options" button. In the advanced options screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding the "Shift" key on your keyboard. In the "choose an option" window click on "Troubleshoot", then select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window, press the "F5" key on your keyboard. This will restart your operating system in Safe Mode with Networking.

Step 2

Log in to the account infected with the "ElmersGlue" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

3. Next, type this line: rstrui.exe and press ENTER.

4. In the opened window, click "Next".

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the "ElmersGlue" virus infiltrating your PC).

6. In the opened window, click "Yes".

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "ElmersGlue" virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some viruses disable Safe Mode, making their removal complicated. For this step, you require access to another computer. After removing the "ElmersGlue" virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.
